MySQL Enterprise Firewall Vulnerability in Oracle MySQL
CVE-2025-21495
4.4 MEDIUM
Summary
A vulnerability exists in the MySQL Enterprise Firewall of Oracle MySQL, allowing a high-privileged attacker with network access via multiple protocols to potentially compromise the Firewall. This vulnerability permits unauthorized actions that could lead to a denial-of-service (DoS) condition, causing the MySQL Enterprise Firewall to hang or crash repeatedly. Supported versions affected include 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier.
Affected Version(s)
MySQL Enterprise Firewall * <= 8.0.40
MySQL Enterprise Firewall * <= 8.4.3
MySQL Enterprise Firewall * <= 9.1.0
CVSS V3.1
Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved